If you can already SSH into your Ubuntu-based AWS EC2 instance with the default ubuntu user and the default key file you generated in AWS, but need to add another admin user with their own private key, here’s how to do it:
1) Let’s assume the IP address of your instance is 123.456.789.123 and the default key file is named default_key.pem. SSH into your instance with the default user and key:
ssh -2 -i default_key.pem ubuntu@123.456.789.123
2) Once in, add a new user:
sudo adduser pixelninja
3) Add the created user into the admin group:
sudo adduser pixelninja admin
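If you don’t want to have to type in a password every time you use sudo under the new user, edit the sudoers file. Use visudo rather than opening the file directly, because it checks the syntax before saving and a broken sudoers file can lock you out of sudo:
sudo visudo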
And add the following under the root user in the “User privilege specification” section:
# User privilege specification
root ALL=(ALL:ALL) ALL
pixelninja ALL=(ALL) NOPASSWD:ALL
Just a note: it’s worth considering whether you want to do this, for security reasons: with NOPASSWD, anyone who gets hold of this user’s private key gets root without any further check. It does make life easier, though.
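4) Switch to the new user and navigate to the .ssh folder in your home directory (a freshly created user may not have one yet, so create it first):
su pixelninja
# create the folder if adduser did not
mkdir -p ~/.ssh
cd ~/.ssh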
5) Generate a new RSA key pair:
ssh-keygen -t rsa
You can name your key pair and add a password if you want. For the sake of this tutorial, let’s assume you used the default name. If you now do ls -l, you should see two files: id_rsa and id_rsa.pub.
6) Copy the public key into authorized_keys:
cat id_rsa.pub > authorized_keys
7) Change permissions on the directory and the files:
cd ..
chmod 700 .ssh
chmod 600 .ssh/*
Also make sure that the new user is the owner of the .ssh directory and everything that’s inside. It probably is, but just in case:
chown -R pixelninja:pixelninja .ssh
8) Copy the private key into the /tmp folder, so that you can download it to your local machine. Make sure it’s readable by the default user.
cp .ssh/id_rsa /tmp
chmod 644 /tmp/id_rsa
9) On your local computer download the private key file with the default user and key file:
scp -i default_key.pem ubuntu@123.456.789.123:/tmp/id_rsa ./
and change the file permissions to read-only:
chmod 400 id_rsa
10) Test that you can log in with the new user:
ssh -2 -i id_rsa pixelninja@123.456.789.123
and if all is good, delete the private key from the /tmp folder:
rm /tmp/id_rsa
11) Kick back, relax, and enjoy your new user account.
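Steps 5 to 9 generate the key pair on the server and pass the private key through /tmp. As an added example (not part of the original tutorial), the function below covers the variant where the new admin runs ssh-keygen on their own machine and sends you only the .pub file, so the private key never touches the instance; the function name, return codes and script name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical usage on the instance:
#   sudo sh install_pubkey.sh /home/pixelninja "$(cat pixelninja.pub)" pixelninja

# install_pubkey HOME_DIR PUBKEY_LINE [OWNER]
# Returns 0 on success, 1 if the key is rejected, 2 on a filesystem error.
install_pubkey() {
    home_dir=$1
    pubkey=$2
    owner=${3:-}

    # Exactly one line: extra lines would become extra authorized keys.
    case $pubkey in
        *"
"*) echo "refusing multi-line input" >&2; return 1 ;;
    esac
    # Must look like an OpenSSH public key; a pasted private key fails here.
    case $pubkey in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    # Create with tight permissions from the start (umask only in the subshell).
    (umask 077; mkdir -p "$ssh_dir" && touch "$auth") || return 2

    # Append only if this exact line is not present yet, so reruns are harmless.
    grep -qxF -- "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth" || return 2

    # Same modes as step 7 of the tutorial.
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 2
    if [ -n "$owner" ]; then
        chown -R "$owner:$owner" "$ssh_dir" || return 2
    fi
    return 0
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    install_pubkey "$@"
fi
```

With the key installed this way, the copy to /tmp and the scp download are not needed, and the login test in step 10 works unchanged with the admin's own private key file.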